Skip to content

HTTP API

Almost everything Setu does is reached over MCP, not REST — the tools are the API. This page covers the raw HTTP surface underneath.

If you're integrating an assistant, you want Tools, not this page. There is exactly one REST endpoint, and it exists to feed the dashboard.

Base URL

text
https://api.mimanasa.online

Endpoints

MethodEndpointDescription
POST/mcpThe MCP endpoint. Streamable HTTP. Requires a bearer token; returns 401 with a WWW-Authenticate header pointing at the resource metadata.
GET/api/statsYour profile and send history, for the dashboard. Bearer token = a Google access token.
GET/.well-known/oauth-protected-resource/mcpRFC 9728 resource metadata. How a client discovers the authorization server.
GET/.well-known/oauth-authorization-serverOAuth 2.1 server metadata: authorize, token, and registration endpoints.
POST/registerDynamic client registration. Google doesn't support DCR, so Setu proxies it — this is what makes remote MCP clients able to connect at all.
GET/authorizeStarts the OAuth flow. Redirects to Google.
POST/tokenExchanges an authorization code for an access token.
GET/auth/callbackWhere Google redirects back. Must match the URI registered in Google Cloud Console exactly.

GET /api/stats

Read-only. The token names the user, so a caller can only ever read their own rows — there is no user ID parameter to tamper with.

Request

bash
curl https://api.mimanasa.online/api/stats \
  -H "Authorization: Bearer <google_access_token>"

Response

json
{
  "email": "you@gmail.com",
  "name": "Himanshu Yadav",
  "resume_link": "https://drive.google.com/file/d/…",
  "total_sent": 42,
  "total_failed": 1,
  "sent_last_24h": 12,
  "daily_limit": 80,
  "companies": 38,
  "recent": [
    {
      "to_email": "careers@acme.com",
      "company": "Acme",
      "subject": "Application for Backend Engineer at Acme",
      "success": true,
      "error": null,
      "sent_at": "2026-07-15T09:22:04+00:00"
    }
  ]
}

Status codes

200OK
401Missing, invalid, or expired bearer token
404No such route

Connecting a client

You shouldn't need to implement any of this by hand — an MCP client does the discovery, registration, and PKCE for you. Point it at:

text
https://api.mimanasa.online/mcp

The flow: the client fetches the resource metadata, registers itself at /register, sends the user to /authorize, and Setu hands off to Google. Google doesn't support dynamic client registration, which is why Setu sits in the middle as an OAuth proxy rather than pointing clients straight at Google.

Rate limits

Sending limits are per user and enforced in the server, not in the HTTP layer: 80 emails per rolling 24 hours, 25 per batch call. Over the limit, the tool returns success: false with a reason — not an HTTP error.